TRENDING:

Healthcare Information Exchange (HIE) , HIPAA/HITECH , Standards, Regulations & Compliance

Testing Secure Texting for Healthcare

DirectTrust CEO David Kibbe Discusses New Efforts Underway Marianne Kolbasuk McGee (HealthInfoSec) • March 3, 2016     15 Minutes   
Testing Secure Texting for Healthcare
David Kibbe, M.D., CEO of DirectTrust

DirectTrust is beta testing a new version of its Direct protocol for secure email messaging that can support secure texting and "chats" involving health information on mobile devices, says David Kibbe, M.D., the association's president and CEO.

"We are making slow but steady progress in the development of a [Direct-based] protocol for texting, or online chat, that is the analogue of the Direct protocol for online messaging," he says in an interview with Information Security Media Group during the HIMSS 2016 Conference in Las Vegas.

DirectTrust is a not-for-profit trade association that created and maintains the security and trust framework for using the Direct Project protocol, which offers a way to meet the secure data exchange requirements for the HITECH Act electronic health record incentive program.

The Direct messaging protocol provides specifications for a secure, scalable, standards-based way to send encrypted health information directly to known, trusted recipients over the Internet. The current version of the protocol facilitates the simplest form of health information exchange involving secure email. Leveraging the Direct protocol for data exchange requires the use of a Health Internet Service Provider, or HISP, and a certificate authority.

A new version of the protocol for use in secure texting or online chats "is in beta testing with several HISPs, the idea being that if you as a user have a Direct [email] address, you will be able to acquire from that HISP an account for online texting at the same time," he says.

"And that would afford the same kind of interoperability between organizational and IT systems that the Direct messaging has provided. We're very cautious. We need to make sure there's a demand for that, but we think there is. Doctors, nurses, everyone involved in healthcare wants to use their smartphones, and they want that ability of moving messages to be online, real-time and more of a conversation rather than asynchronous messages."

Kibbe says he's "cautiously optimistic" that the Direct-based texting will come to fruition in 2016.

Other Projects

In the interview (see link to audio below photo), he also discusses:

  • The importance of a recent agreement between DirectTrust and the Federal Health Architecture for a new Governmental Trust Anchor Bundle. A trust bundle is a collection of anchor certificates from HISPs. The Federal Health Architecture is an initiative designed to bring together the decision makers in federal health IT for interagency collaboration. The new government trust anchor bundle will enable as many as 23 federal agencies, including the Department of Defense, Veterans Administration and the Centers for Medicare and Medicaid Services, to begin using Direct messaging for the electronic exchange of health information with private sector healthcare providers.
  • How the Direct messaging protocol fits into a new "interoperability pledge" that has been taken by dozens of large vendors of electronic health record systems and healthcare organizations to help advance secure health data exchange.
  • His biggest privacy and security worries surrounding Internet of Things devices in the healthcare sector.

Kibbe, a physician, is founding president and CEO of DirectTrust. He is also senior adviser to the American Academy of Family Physicians. Kibbe in 2014 was named a top 10 Healthcare Information Security influencer by Information Security Media Group.

Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.

Previous
Using Predictive Analytics to Defend Against Emerging Threats
Next
A 'Pledge' to Facilitate Secure Health Data Exchange



Around the Network

How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.